Specifications
Security Options 65
Chapter 5
Network – An IP subnet, consisting of a network number and subnet mask.
Alias – When Alias is selected, a pre-defined source/destination alias can be
chosen, or a new one created. See the section of this guide entitled
“Source/Destination Aliases” for more information on these aliases.
Service
Traffic flows are identified in part by their service type. A service type may be
defined by IP protocol number, TCP port number(s), or UDP port number(s).
Four options are available for service selection:
Any – Represents any service.
TCP – Matches TCP packets destined to the specified port(s). To specify a
single port, enter it in the Port1 field. To specify a range of ports, enter the
lower port number in the Port1 field, and the upper port number in the Port2
field.
UDP – Matches UDP packets destined to the specified port(s). To specify a
single port, enter it in the Port1 field. To specify a range of ports, enter the
lower port number in the Port1 field, and the upper port number in the Port2
field.
Service – Matches a pre-defined service alias; a new service alias can also be
created by clicking the “New” button. Using service aliases makes a policy
easier to read and understand. For more information about service aliases,
please see the section of this guide entitled “Service Aliases”.
Protocol – Matches an IP protocol number. For example, IPSec ESP uses
protocol number 50 (IPSec ESP is also available as the pre-defined service
alias “svc-esp”).
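As an added example (not code from this guide or the product), the following Python model implements the source/destination and service matching described above and returns the rule's Permit or Deny disposition. The class and function names, the first-match rule ordering and the default-deny fallback are assumptions; the alias table is constructed from the svc-esp example on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed alias table: the page states that the pre-defined service
# alias "svc-esp" is IP protocol 50 (IPSec ESP). Format: (kind, port1, port2).
SERVICE_ALIASES = {"svc-esp": ("protocol", 50, None)}

@dataclass
class Packet:               # hypothetical minimal packet model
    src: str
    dst: str
    proto: int              # IP protocol number: 6 = TCP, 17 = UDP, 50 = ESP
    dport: Optional[int] = None

@dataclass
class Rule:                 # hypothetical rule model mirroring the fields above
    src_net: str            # "any" or an IP subnet in CIDR form
    dst_net: str
    service: str            # "any", "tcp", "udp", "protocol", or an alias name
    port1: Optional[int] = None   # single port, lower end of a range, or protocol number
    port2: Optional[int] = None   # upper end of a range; None means Port1 alone
    action: str = "deny"    # "permit" forwards unmodified, "deny" silently drops

def net_matches(net: str, addr: str) -> bool:
    """Network option: an address matches if it lies inside the subnet."""
    if net == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def service_matches(rule: Rule, pkt: Packet) -> bool:
    """Service option: Any, TCP/UDP port or Port1..Port2 range, or protocol number."""
    kind, p1, p2 = rule.service, rule.port1, rule.port2
    if kind in SERVICE_ALIASES:            # expand a service alias to its definition
        kind, p1, p2 = SERVICE_ALIASES[kind]
    if kind == "any":
        return True
    if kind == "protocol":                 # matches on IP protocol number only
        return pkt.proto == p1
    if pkt.proto != {"tcp": 6, "udp": 17}[kind] or pkt.dport is None:
        return False                       # wrong transport, or no port to compare
    upper = p2 if p2 is not None else p1   # blank Port2 means a single port
    return p1 <= pkt.dport <= upper        # destination port only, as the page states

def evaluate(rules: list, pkt: Packet, default: str = "deny") -> str:
    """Assumption: rules are checked in order and the first full match decides."""
    for r in rules:
        if net_matches(r.src_net, pkt.src) and net_matches(r.dst_net, pkt.dst) \
                and service_matches(r, pkt):
            return r.action
    return default   # no rule matched: fall back to the (assumed) default deny
```

Note that a rule with Port2 left blank matches exactly one destination port, so a packet one port outside a range falls through to the default disposition.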
Action
The traffic policy action defines the disposition of packets that match the
rule. Five options are available:
Permit – Forwards the packet unmodified
Deny – Silently drops the packet